Require ODoH relays to be present

ODoH target stamps don't include certificate hashes; they are not
meant to be used directly.
Frank Denis 2021-06-08 10:18:51 +02:00
parent 33ed882efe
commit ec581597a2
3 changed files with 18 additions and 35 deletions


@ -142,17 +142,6 @@ t || dig -p${DNS_PORT} A MICROSOFT.COM @127.0.0.1 | grep -Fq "NOERROR" || fail
kill $(cat /tmp/dnscrypt-proxy.pidfile)
sleep 5
section
../dnscrypt-proxy/dnscrypt-proxy -loglevel 4 -config test-odoh-direct.toml -pidfile /tmp/odoh-direct.pidfile &
sleep 5
section
t || dig -p${DNS_PORT} A microsoft.com @127.0.0.1 | grep -Fq "NOERROR" || fail
t || dig -p${DNS_PORT} A cloudflare.com @127.0.0.1 | grep -Fq "NOERROR" || fail
kill $(cat /tmp/odoh-direct.pidfile)
sleep 5
section
../dnscrypt-proxy/dnscrypt-proxy -loglevel 3 -config test-odoh-proxied.toml -pidfile /tmp/odoh-proxied.pidfile &
sleep 5


@ -1,9 +0,0 @@
server_names = ['odohtarget']
listen_addresses = ['127.0.0.1:5300']
[query_log]
file = 'query.log'
[static]
[static.'odohtarget']
stamp = 'sdns://BQcAAAAAAAAAF29kb2guY2xvdWRmbGFyZS1kbnMuY29tCi9kbnMtcXVlcnk'


@ -690,27 +690,33 @@ func fetchTargetConfigsFromWellKnown(proxy *Proxy, url *url.URL) ([]ODoHTargetCo
func _fetchODoHTargetInfo(proxy *Proxy, name string, stamp stamps.ServerStamp, isNew bool) (ServerInfo, error) {
configURL := &url.URL{Scheme: "https", Host: stamp.ProviderName, Path: "/.well-known/odohconfigs"}
odohTargetConfigs, err := fetchTargetConfigsFromWellKnown(proxy, configURL)
if err != nil || len(odohTargetConfigs) == 0 {
return ServerInfo{}, fmt.Errorf("[%s] does not have an ODoH configuration", name)
if err != nil {
dlog.Debug(configURL)
return ServerInfo{}, fmt.Errorf("[%s] didn't return an ODoH configuration - [%v]", name, err)
} else if len(odohTargetConfigs) == 0 {
dlog.Debug(configURL)
return ServerInfo{}, fmt.Errorf("[%s] has an empty ODoH configuration", name)
}
relay, err := route(proxy, name)
if err != nil {
return ServerInfo{}, err
}
if relay == nil || relay.ODoH == nil {
relay = nil
}
if relay == nil {
dlog.Warnf("No ODoH relay defined for [%v]", name)
} else {
dlog.Debugf("Pausing after ODoH configuration retrieval")
delay := time.Duration(rand.Intn(5*1000)) * time.Millisecond
clocksmith.Sleep(time.Duration(delay))
dlog.Debugf("Pausing done")
if relay.ODoH == nil {
dlog.Criticalf("No relay defined for [%v] - Configuring a relay is required for ODoH servers (see the `[anonymized_dns]` section)", name)
} else {
dlog.Criticalf("Wrong relay type defined for [%v] - ODoH servers require an ODoH relay", name)
}
return ServerInfo{}, errors.New("No ODoH relay")
}
dlog.Debugf("Pausing after ODoH configuration retrieval")
delay := time.Duration(rand.Intn(5*1000)) * time.Millisecond
clocksmith.Sleep(time.Duration(delay))
dlog.Debugf("Pausing done")
targetURL := &url.URL{
Scheme: "https",
Host: stamp.ProviderName,
@ -722,10 +728,7 @@ func _fetchODoHTargetInfo(proxy *Proxy, name string, stamp stamps.ServerStamp, i
odohTargetConfigs[i], odohTargetConfigs[j] = odohTargetConfigs[j], odohTargetConfigs[i]
})
for _, odohTargetConfig := range odohTargetConfigs {
url := targetURL
if relay != nil {
url = relay.ODoH.URL
}
url := relay.ODoH.URL
query := dohTestPacket(0xcafe)
odohQuery, err := odohTargetConfig.encryptQuery(query)